Static task: static1
Behavioral task: behavioral1
Sample: NEAS.02112c5b54345c25fce3a6968dc86140.exe
Resource: win7-20231023-en
Behavioral task: behavioral2
Sample: NEAS.02112c5b54345c25fce3a6968dc86140.exe
Resource: win10v2004-20231023-en
General
Target: NEAS.02112c5b54345c25fce3a6968dc86140.exe
Size: 84KB
MD5: 02112c5b54345c25fce3a6968dc86140
SHA1: 2d010a5d04915270c41818e879974e9de06b1f39
SHA256: 524eee9f12d678ba28212bea1e43134a204b5cb1f98f6b32ca4045c1be547c73
SHA512: 79846d94a0e25d081d10f2590b4c33a0365e5674190af6ab6d0f483983d3a07479bbc5718531a02a6df232ef735dc6e0843bed1edf32148b178fded1e8fd91ab
SSDEEP: 1536:5+sTi21kkmnaeSfpRIKsUewDTQK9DGRgEJO0sXTzgLd4oliXzoySw:5+kiGk7upFsUkKRG2fzgLdzsD
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
Resource: NEAS.02112c5b54345c25fce3a6968dc86140.exe
Files
NEAS.02112c5b54345c25fce3a6968dc86140.exe.exe windows:4 windows x86
85a4cedaa67a18dc1c1167f75b322032
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
user32
GetQueueStatus
DrawIcon
MapVirtualKeyW
AttachThreadInput
GetWindowPlacement
GetWindowRect
FindWindowA
PackDDElParam
DialogBoxParamA
DefDlgProcA
GetMenuItemInfoW
SendMessageA
GetMessageTime
FindWindowExW
DdeDisconnect
EmptyClipboard
GetMonitorInfoW
SetScrollInfo
DestroyCursor
EndDialog
SetMenuInfo
setupapi
CM_Request_Device_Eject_ExA
CM_Delete_DevNode_Key
SetupDiChangeState
CM_Merge_Range_List
SetupInitializeFileLogW
CM_Connect_MachineA
SetupDiGetDeviceInstallParamsA
SetupDiGetDeviceInterfaceDetailW
SetupDiClassNameFromGuidW
CM_Register_Device_Interface_ExW
SetupInstallFileW
SetupDiGetClassDevsW
SetupLogFileW
SetupDiEnumDeviceInfo
SetupCommitFileQueueA
CM_Open_Class_KeyA
CM_Get_Next_Res_Des
CM_Uninstall_DevNode
CM_Uninstall_DevNode_Ex
SetupInstallFileExW
CM_Reenumerate_DevNode_Ex
SetupDiDestroyDeviceInfoList
CM_Set_DevNode_Registry_Property_ExW
SetupAddSectionToDiskSpaceListA
SetupQuerySourceListW
SetupGetBackupInformationA
CM_Open_Class_KeyW
SetupDiGetClassImageListExW
SetupGetSourceInfoW
CM_Get_Device_Interface_List_ExW
SetupDiSetDriverInstallParamsW
SetupDiOpenDeviceInterfaceA
SetupDiGetDriverInstallParamsA
SetupGetFileCompressionInfoW
SetupGetSourceFileLocationA
CM_Run_Detection
SetupDiDestroyDriverInfoList
CM_Get_Resource_Conflict_DetailsA
SetupDiGetClassDevPropertySheetsA
CM_Get_Device_Interface_List_SizeW
CM_Move_DevNode
SetupDiCreateDeviceInfoW
CM_Get_DevNode_Registry_PropertyW
CM_Get_Version_Ex
SetupDiGetINFClassW
SetupGetMultiSzFieldA
CM_Get_Resource_Conflict_Count
SetupGetInfFileListA
SetupQueryFileLogW
CM_Locate_DevNodeA
CM_Request_Eject_PC_Ex
SetupQueryInfFileInformationW
CM_Remove_SubTree
SetupDiGetClassDevsExA
SetupDiGetHwProfileFriendlyNameA
SetupAddSectionToDiskSpaceListW
SetupInstallFilesFromInfSectionW
SetupDecompressOrCopyFileW
SetupQueueDefaultCopyA
CM_Setup_DevNode_Ex
CM_Set_DevNode_Problem
SetupGetTargetPathW
SetupIterateCabinetA
CM_Set_Class_Registry_PropertyA
SetupDiGetDeviceRegistryPropertyW
SetupOpenAppendInfFileA
SetupQueueCopyW
SetupDiGetDeviceRegistryPropertyA
SetupCloseLog
SetupTerminateFileLog
SetupGetSourceInfoA
SetupDiGetClassDevsA
SetupDiClassNameFromGuidExW
InstallHinfSectionA
SetupDiClassGuidsFromNameExA
CM_Get_Device_ID_ExA
SetupQueueDeleteW
SetupFindNextMatchLineW
CM_Get_DevNode_Status_Ex
SetupDiOpenDeviceInfoA
SetupDiGetWizardPage
SetupDiEnumDriverInfoA
SetupFindNextLine
SetupDiClassNameFromGuidA
CM_Enumerate_EnumeratorsA
SetupDiDrawMiniIcon
SetupQueueRenameW
SetupDiSelectBestCompatDrv
SetupDiSetDriverInstallParamsA
SetupQueueDeleteA
CM_Get_Class_Key_NameW
CM_Get_Sibling
CM_Get_Device_ID_ListA
SetupDiCreateDeviceInterfaceA
CM_Query_And_Remove_SubTreeW
SetupPromptForDiskA
SetupOpenInfFileA
SetupDiSetSelectedDriverA
SetupDiSetDeviceInstallParamsW
SetupQueryInfVersionInformationA
SetupDiSetDeviceRegistryPropertyA
SetupGetBackupInformationW
CM_Register_Device_InterfaceW
SetupSetDirectoryIdW
SetupDiGetDeviceInterfaceAlias
SetupSetSourceListA
SetupSetDirectoryIdExA
CM_Enumerate_EnumeratorsW
CM_Unregister_Device_Interface_ExW
SetupDiEnumDriverInfoW
SetupDiGetActualSectionToInstallW
SetupGetInfFileListW
SetupBackupErrorW
SetupDiGetDriverInfoDetailW
CM_Query_Remove_SubTree
CM_Get_Device_Interface_List_ExA
SetupLogFileA
SetupDiGetDriverInfoDetailA
CM_Is_Dock_Station_Present_Ex
CM_Get_Device_Interface_List_Size_ExA
CM_Get_First_Log_Conf_Ex
CM_Detect_Resource_Conflict_Ex
SetupQueueRenameA
CM_Set_DevNode_Registry_PropertyA
SetupGetInfSections
CM_Connect_MachineW
CM_Get_Device_ID_List_SizeA
SetupQueryInfFileInformationA
CM_Next_Range
SetupCopyErrorW
CM_Open_DevNode_Key
CM_Get_Global_State
CM_Free_Res_Des
SetupRenameErrorA
SetupCopyOEMInfA
SetupAddToDiskSpaceListW
SetupDiGetINFClassA
CM_First_Range
CM_Get_Device_ID_ListW
SetupDiClassNameFromGuidExA
SetupDiOpenDevRegKey
CM_Set_HW_Prof_FlagsW
CM_Register_Device_InterfaceA
SetupAdjustDiskSpaceListA
CM_Get_Child
CM_Get_Device_ID_List_ExW
CM_Set_HW_Prof
CM_Set_DevNode_Registry_PropertyW
CM_Get_Hardware_Profile_InfoW
CM_Get_Resource_Conflict_DetailsW
SetupDiInstallDriverFiles
CM_Get_Depth_Ex
SetupDiSelectOEMDrv
SetupGetStringFieldW
SetupAddToSourceListW
CM_Get_Device_Interface_ListA
CM_Invert_Range_List
CM_Get_Child_Ex
SetupDiGetHwProfileFriendlyNameExW
SetupSetPlatformPathOverrideW
SetupAdjustDiskSpaceListW
CM_Create_DevNode_ExW
CM_Get_Res_Des_Data_Size
CM_Get_Next_Res_Des_Ex
SetupCloseFileQueue
CM_Add_Res_Des_Ex
CM_Disable_DevNode
CM_Get_Global_State_Ex
CM_Get_Device_Interface_ListW
SetupInstallFilesFromInfSectionA
CM_Query_Arbitrator_Free_Data_Ex
SetupGetLineTextA
CM_Query_Remove_SubTree_Ex
SetupDiCancelDriverInfoSearch
SetupDiGetDeviceInterfaceDetailA
SetupGetTargetPathA
CM_Get_Hardware_Profile_Info_ExW
CM_Get_Device_ID_Size
SetupSetPlatformPathOverrideA
SetupQueryInfOriginalFileInformationW
SetupDiInstallDeviceInterfaces
SetupAddToSourceListA
CM_Query_Resource_Conflict_List
CM_Set_Class_Registry_PropertyW
SetupDiCreateDeviceInfoA
CM_Get_Device_ID_List_SizeW
CM_Get_Device_Interface_Alias_ExA
SetupDefaultQueueCallbackA
SetupQuerySpaceRequiredOnDriveW
CM_Set_DevNode_Registry_Property_ExA
SetupDestroyDiskSpaceList
CM_Unregister_Device_Interface_ExA
SetupRemoveSectionFromDiskSpaceListW
CM_Get_Res_Des_Data_Ex
SetupDiCreateDevRegKeyA
SetupGetInfInformationA
CM_Create_DevNodeW
SetupDeleteErrorW
SetupDiCreateDeviceInfoListExW
CM_Locate_DevNodeW
SetupInstallServicesFromInfSectionA
CM_Request_Device_Eject_ExW
SetupDiGetClassImageIndex
CM_Get_HW_Prof_FlagsW
SetupFreeSourceListW
CM_Enumerate_Classes_Ex
SetupDiBuildDriverInfoList
SetupQueryInfOriginalFileInformationA
CM_Query_Arbitrator_Free_Data
CM_Get_Res_Des_Data
CM_Get_Log_Conf_Priority
SetupCreateDiskSpaceListW
SetupDiGetActualSectionToInstallA
SetupDiLoadClassIcon
SetupDiGetDeviceInfoListClass
SetupInstallServicesFromInfSectionExA
ExtensionPropSheetPageProc
CM_Register_Device_Interface_ExA
SetupRemoveInstallSectionFromDiskSpaceListW
SetupDiCallClassInstaller
SetupGetIntField
CM_Get_Device_Interface_List_SizeA
CM_Modify_Res_Des_Ex
SetupQueueDeleteSectionW
CM_Get_Device_IDW
SetupInstallFileExA
CM_Get_Class_NameA
CM_Get_Res_Des_Data_Size_Ex
CM_Find_Range
SetupDiGetClassDescriptionExW
SetupDiInstallClassExA
SetupDiGetDriverInstallParamsW
SetupDiGetHwProfileFriendlyNameExA
SetupDiRemoveDeviceInterface
CM_Create_Range_List
SetupTermDefaultQueueCallback
CM_Get_Parent_Ex
SetupGetLineCountW
SetupDiCreateDevRegKeyW
CM_Free_Log_Conf
SetupQueueCopyIndirectW
CM_Unregister_Device_InterfaceW
CM_Get_DevNode_Status
SetupSetFileQueueAlternatePlatformW
CM_Get_Device_Interface_AliasW
CM_Reenumerate_DevNode
SetupDiDeleteDevRegKey
SetupDiCreateDeviceInterfaceW
SetupGetBinaryField
CM_Delete_DevNode_Key_Ex
CM_Free_Res_Des_Ex
SetupDiGetClassDevsExW
SetupGetFieldCount
SetupRemoveFromSourceListW
SetupDiGetSelectedDriverW
SetupQueryFileLogA
CM_Create_DevNode_ExA
CM_Register_Device_Driver
SetupDiGetDeviceInfoListDetailA
CM_Intersect_Range_List
SetupAddToDiskSpaceListA
SetupDiGetHwProfileFriendlyNameW
SetupGetSourceFileSizeA
SetupDiInstallClassW
CM_Get_Device_ID_List_Size_ExW
CM_Get_Log_Conf_Priority_Ex
SetupDiOpenDeviceInfoW
SetupInitDefaultQueueCallbackEx
CM_Get_Next_Log_Conf
SetupQueueCopyA
SetupRemoveFromDiskSpaceListW
SetupGetMultiSzFieldW
CM_Enable_DevNode
SetupQueueCopySectionA
SetupDiDeleteDeviceInterfaceRegKey
SetupDiDeleteDeviceInfo
CM_Get_Sibling_Ex
CM_Enumerate_Classes
SetupDefaultQueueCallbackW
SetupDiSelectDevice
SetupDiInstallClassA
SetupInitializeFileLogA
CM_Detect_Resource_Conflict
SetupDiCreateDeviceInfoList
SetupOpenAppendInfFileW
SetupDiEnumDeviceInterfaces
SetupDiClassGuidsFromNameA
CM_Open_DevNode_Key_Ex
SetupInitDefaultQueueCallback
imm32
ImmAssociateContext
cryptui
CryptUIStartCertMgr
CryptUIDlgCertMgr
CryptUIDlgViewCRLW
CryptUIDlgFreeCAContext
CryptUIFreeViewSignaturesPagesA
CryptUIFreeViewSignaturesPagesW
CryptUIWizBuildCTL
CryptUIGetViewSignaturesPagesA
CryptUIDlgViewCRLA
CryptUIDlgViewCertificatePropertiesW
CryptUIDlgViewCertificateW
CryptUIDlgViewSignerInfoA
CryptUIFreeCertificatePropertiesPagesA
CryptUIDlgSelectCA
CryptUIWizFreeDigitalSignContext
CryptUIDlgSelectCertificateW
CryptUIGetCertificatePropertiesPagesA
CryptUIWizExport
CryptUIGetViewSignaturesPagesW
ACUIProviderInvokeUI
kernel32
GetSystemTimeAdjustment
OpenFileMappingW
FoldStringA
RequestDeviceWakeup
GetPrivateProfileSectionNamesW
GetDiskFreeSpaceExA
WaitForMultipleObjects
DeleteVolumeMountPointW
GlobalFix
DnsHostnameToComputerNameW
GetVolumeNameForVolumeMountPointW
EnumResourceTypesW
IsBadStringPtrA
GetLogicalDriveStringsW
FindFirstVolumeW
GetExitCodeThread
GetStringTypeA
CreateFileA
SetThreadLocale
IsBadCodePtr
DeleteAtom
GetCPInfoExA
SetCurrentDirectoryW
InitAtomTable
SystemTimeToTzSpecificLocalTime
GetUserDefaultLCID
lstrcmpA
LockFile
SetSystemPowerState
SetThreadPriority
TlsAlloc
GetPrivateProfileStructW
FatalAppExitW
SwitchToThread
SetSystemTime
GlobalFindAtomA
CreateJobObjectA
MoveFileExA
GetStdHandle
FindFirstFileW
SizeofResource
GetProcessHeaps
CreateWaitableTimerA
GetDiskFreeSpaceA
ReadFileScatter
MapViewOfFileEx
EnumDateFormatsA
GetDriveTypeA
SystemTimeToFileTime
GetProcessAffinityMask
GetThreadPriorityBoost
GlobalAddAtomA
GlobalSize
TlsSetValue
SetProcessWorkingSetSize
WritePrivateProfileSectionA
GetNamedPipeHandleStateA
CreateHardLinkA
IsValidLocale
GetDateFormatA
LockFileEx
FoldStringW
IsDBCSLeadByte
RtlFillMemory
GetTickCount
SetSystemTimeAdjustment
GetThreadLocale
FatalExit
GetSystemDefaultLCID
FindFirstFileExA
AssignProcessToJobObject
SetFileApisToANSI
GetCommandLineW
GetCurrentProcess
FreeUserPhysicalPages
CreateSemaphoreA
FreeLibrary
DnsHostnameToComputerNameA
SetThreadPriorityBoost
lstrcmpiA
CreateDirectoryExA
SetLocaleInfoW
LCMapStringW
GetCurrentThreadId
SetFileAttributesA
GetComputerNameExA
InitializeCriticalSection
GetCurrencyFormatW
CallNamedPipeA
GetEnvironmentVariableW
FileTimeToSystemTime
SetVolumeMountPointA
GetTempPathW
GetPrivateProfileStructA
GetProcessPriorityBoost
GetEnvironmentVariableA
TlsGetValue
GetLongPathNameW
_llseek
SetCalendarInfoW
GetStringTypeW
GetModuleHandleW
LocalSize
GlobalMemoryStatus
GetLogicalDriveStringsA
ProcessIdToSessionId
SearchPathW
VerifyVersionInfoW
CompareStringW
FileTimeToDosDateTime
WaitForDebugEvent
CreateDirectoryW
RequestWakeupLatency
InterlockedDecrement
GetComputerNameW
EnumResourceLanguagesA
LoadModule
FindNextVolumeA
UpdateResourceA
GetModuleFileNameW
UnhandledExceptionFilter
RtlUnwind
PostQueuedCompletionStatus
EnumResourceNamesW
ResumeThread
GetModuleHandleA
OpenSemaphoreA
GetTempPathA
GetCPInfoExW
SetThreadIdealProcessor
SetPriorityClass
_lcreat
QueueUserWorkItem
GetThreadSelectorEntry
GetCurrentThread
GetQueuedCompletionStatus
SetVolumeLabelA
InterlockedIncrement
GetCompressedFileSizeW
GetCurrencyFormatA
GetDevicePowerState
DeleteTimerQueue
FlushInstructionCache
FindNextVolumeMountPointW
MulDiv
GetPrivateProfileStringW
lstrlenW
GetCompressedFileSizeA
SignalObjectAndWait
FreeLibraryAndExitThread
FreeResource
EnumDateFormatsExW
WaitNamedPipeA
OpenEventW
SetFileAttributesW
FindFirstVolumeMountPointW
GetPrivateProfileSectionA
DosDateTimeToFileTime
CreateMutexA
WaitForSingleObject
GlobalCompact
GetProfileStringW
FindFirstFileA
DeviceIoControl
LocalFree
CancelIo
GetVolumeNameForVolumeMountPointA
LocalCompact
GetCommProperties
CreateEventA
LocalUnlock
CreateTimerQueueTimer
BackupRead
GlobalAlloc
lstrcpynW
GetExitCodeProcess
lstrcpyW
QueryInformationJobObject
GlobalLock
FindResourceW
BackupSeek
CreateNamedPipeW
GetStringTypeExW
ResetWriteWatch
OutputDebugStringW
GetFullPathNameA
FindFirstVolumeMountPointA
WideCharToMultiByte
GetHandleInformation
GetDiskFreeSpaceExW
GetComputerNameExW
GetProcessShutdownParameters
WaitNamedPipeW
IsProcessorFeaturePresent
WritePrivateProfileStringA
GetDefaultCommConfigW
FindResourceA
GlobalFree
ResetEvent
GetProcessVersion
CallNamedPipeW
lstrcmpiW
SetErrorMode
SetEndOfFile
GetVolumeInformationW
UpdateResourceW
WriteFileGather
GetProcAddress
GetPrivateProfileSectionW
ChangeTimerQueueTimer
GetFileAttributesA
SetFileTime
OpenProcess
SetEnvironmentVariableW
GetCommMask
GlobalAddAtomW
iphlpapi
DeleteIpNetEntry
DeleteIPAddress
CreateIpNetEntry
GetFriendlyIfIndex
SetIpTTL
AllocateAndGetIpAddrTableFromStack
GetTcpStatistics
GetAdaptersInfo
SetIfEntry
GetUdpTable
NotifyAddrChange
InternalGetTcpTable
SetIpNetEntry
InternalGetIpAddrTable
NhpAllocateAndGetInterfaceInfoFromStack
InternalGetIpNetTable
GetInterfaceInfo
GetRTTAndHopCount
NTPTimeToNTFileTime
GetNumberOfInterfaces
GetPerAdapterInfo
GetUniDirectionalAdapterInfo
AddIPAddress
GetIcmpStatistics
GetIpForwardTable
Sections
.text Size: 42KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: 1KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.xdata Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE